Installing the ACS Server
After you download the Cisco Secure ACS 5.8.1 ISO image, you can use any of the following options to install and set up the Cisco Secure ACS 5.8.1 software on your appliance:
■ Configure the Cisco Integrated Management Interface (CIMC) and use it to install Cisco Secure ACS 5.8.1 remotely via the network. See Configuring CIMC, Installing ACS 5.8.1 on the Cisco SNS-3415/3495 Appliance Remotely Using CIMC, and Running the Setup Program.
■ Create a bootable USB drive and use it to install Cisco Secure ACS 5.8.1. See Creating a Bootable USB Drive, Installing ACS 5.8.1 on the Cisco SNS-3415/3495 Appliance Using the USB Drive, and Running the Setup Program.
Installing ACS 5.8.1 on the Cisco SNS-3415/3495 Appliance Remotely Using CIMC
After you have configured the CIMC for your appliance, you can use it to manage your Cisco SNS-3415 or Cisco SNS-3495 appliance. You can perform all operations including BIOS configuration on your Cisco SNS-3415 or Cisco SNS-3495 appliance through the CIMC.
1. Connect to the CIMC for server management. Connect Ethernet cables from your LAN to the server, using the ports that you selected in the NIC Mode setting. The Active-active and Active-passive NIC redundancy settings require you to connect to two ports.
2. Use a browser and the IP address of the CIMC to log in to the CIMC Setup Utility. The IP address is based on the CIMC configuration settings that you made (either a static address or the address assigned by your DHCP server).
Note: The default user name for the server is admin. The default password is password.
3. Use your CIMC credentials to log in.
4. Click Launch KVM Console.
5. Click Virtual Media.
6. Select Activate Virtual Devices from the list.
A check mark appears next to the Activate Virtual Devices option.
7. Click Virtual Media again, and select the MAP CD/DVD option.
8. Click Browse and locate the ACS 5.8.1 ISO image.
9. Click Map Device.
10. Choose Macros > Static Macros > Ctrl-Alt-Del to boot the Cisco SNS-3415 or Cisco SNS-3495 appliance using the ISO image.
11. Press F6 to bring up the boot menu. A screen similar to the following one appears.
12. Select the Cisco vKVM-Mapped vDVD that you mapped and press Enter. The following message is displayed.
Welcome to the Cisco Secure ACS 5.8.1 Recovery
To boot from hard disk press <Enter>
[1] Cisco Secure ACS Installation (Keyboard/Monitor)
[2] Cisco Secure ACS Installation (Serial Console)
[3] Recover administrator password (Keyboard/Monitor
[4] Recover administrator password (Serial Console)
<Enter> Boot existing OS from hard disk.
Enter boot option and press <Enter>
13. At the boot prompt, enter 1 and press Enter.
14. After you enter the network configuration parameters in the Setup mode, the appliance automatically reboots, and returns to the shell prompt mode.
15. Exit from the shell prompt mode. The appliance comes up.
16. Continue with Verifying the Installation Process.
Installing ACS 5.8.1 on the Cisco SNS-3415/3495 Appliance Using the USB Drive
To install ACS 5.8.1 on the Cisco SNS-3415 or Cisco SNS-3495 appliance using the USB drive, complete the following steps:
Before You Begin
You need to create a bootable USB drive. See Creating a Bootable USB Drive.
1. Power on the Cisco SNS-3415 or Cisco SNS-3495 appliance.
2. Plug the bootable USB drive that has the Cisco Secure ACS ISO image into the USB port.
3. Restart ACS and go to the BIOS mode.
4. In the BIOS mode, choose boot from USB.
5. Exit from the BIOS mode and click Save.
6. Again, restart ACS and boot from USB.
7. Now, continue reimaging the Cisco SNS-3415 or Cisco SNS-3495 using the USB drive.
The following message is displayed.
Welcome to the Cisco Secure ACS 5.8.1 Recovery
To boot from hard disk press <Enter>
[1] Cisco Secure ACS Installation (Keyboard/Monitor)
[2] Cisco Secure ACS Installation (Serial Console)
[3] Reset administrator password (Keyboard/Monitor
[4] Reset administrator password (Serial Console)
<Remove USB key and reboot to boot existing Hard Disk>
Please enter boot option and press <Enter>
8. At the boot prompt, enter 1 and press Enter.
9. After you enter the network configuration parameters in Setup mode, the appliance automatically reboots and returns to the shell prompt mode.
10. Exit from the shell prompt mode. The appliance comes up.
11. Continue with Verifying the Installation Process.
Creating a Bootable USB Drive
You can download the ACS 5.8.1 USB Installation tool for SNS-3415 and SNS-3495 (ACS_58_USB_Installation_tool.zip) from the Cisco Secure ACS 5.8.1 Download Software section on Cisco.com. This zip file contains the bootable scripts, which need to be extracted to create a bootable USB drive for installing Cisco Secure Access Control System 5.8.1.
Before You Begin
■ You should have the ACS_581_USB_Installation_tool.zip file.
■ You need the following:
– A Linux machine with RHEL-5 or RHEL-6, CentOS 5.x or CentOS 6.x. If you are going to use your PC or Mac, ensure that you have installed a Linux VM on it.
– A 4-GB USB drive
– The iso-to-usb.sh script
■ You should have access permissions to the drives in the local Linux machine.
1. Plug your USB drive into the USB port.
2. Copy the iso-to-usb.sh script and the Cisco Secure ACS 5.8.1 ISO image to a directory on your Linux machine.
3. Enter the following command:
iso-to-usb.sh source_iso usb_device
For example, # ./iso-to-usb.sh ACS_v5.8.1.0.32.iso /dev/sdc where iso-to-usb.sh is the name of the script, ACS_v5.8.1.0.32.iso is the name of the ISO image, and /dev/sdc is your USB device.
The following success message is displayed.
THIS SCRIPT WILL DELETE ALL EXISTING CONTENT ON YOUR USB DRIVE: /dev/sdb/
ARE YOU SURE YOU WANT TO CONTINUE? [Y/N]: y
Deleting partition table on USB drive: /dev/sdb...
Creating new partition table on USB drive: /dev/sdb...
Formatting BOOT partition: /dev/sdb1 as VFAT...
Formatting DATA partition: /dev/sdb2 as EXT2...
Copying syslinux files to USB partition: /dev/sdb1...
Copying ISO file to USB partition: /dev/sdb2...
4. Unplug your USB drive.
Note: After you run iso-to-usb.sh, your USB drive is partitioned in a format in which non-Linux operating systems do not recognize all of the available space. To repartition your USB drive for general-purpose use with a Windows or Mac operating system, run the repurpose-usb.sh utility in this directory. This utility repartitions and reformats your USB key for general use.
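Because iso-to-usb.sh erases whatever device it is given, a pre-flight check before step 3 is worthwhile. The following is an added example, not part of the Cisco tool: it refuses a target that is not a whole disk, is not flagged removable, has a mounted partition, or is too small for the ISO. The function name usb_target_ok and its optional third and fourth arguments (which let the check run against constructed fixtures instead of the live /sys/block and /proc/mounts) are assumptions.

```shell
#!/bin/sh
# Added example (not Cisco code): checks to run before the destructive
# iso-to-usb.sh. SYSFS_BLOCK_DIR and MOUNTS_FILE are optional overrides
# used only for testing against constructed fixtures.
# Usage: usb_target_ok ISO DEVICE [SYSFS_BLOCK_DIR] [MOUNTS_FILE]
usb_target_ok() {
    iso=$1
    dev=$2
    sysfs=${3:-/sys/block}
    mounts=${4:-/proc/mounts}
    name=${dev#/dev/}

    [ -r "$iso" ] || { echo "refuse: cannot read ISO $iso" >&2; return 1; }

    # Whole disks have a directory under /sys/block; partitions (sdc1) do not.
    [ -d "$sysfs/$name" ] ||
        { echo "refuse: $dev is not a whole disk" >&2; return 1; }

    # The kernel reports removable=1 for typical USB flash drives and 0
    # for internal disks.
    [ "$(cat "$sysfs/$name/removable" 2>/dev/null)" = "1" ] ||
        { echo "refuse: $dev is not flagged removable" >&2; return 1; }

    # The script repartitions the device, so nothing on it may be mounted.
    if awk -v d="$dev" '$1 ~ ("^" d "[0-9]*$") { hit = 1 } END { exit !hit }' "$mounts"; then
        echo "refuse: $dev or one of its partitions is mounted" >&2
        return 1
    fi

    # sysfs "size" is always expressed in 512-byte sectors; the ISO must fit.
    sectors=$(cat "$sysfs/$name/size")
    iso_bytes=$(wc -c < "$iso")
    [ $((sectors * 512)) -ge $((iso_bytes + 0)) ] ||
        { echo "refuse: $dev is smaller than the ISO" >&2; return 1; }

    echo "ok: $dev ($((sectors * 512 / 1000000000)) GB, removable, unmounted)"
}

# Typical use, with the file and device names from the example above:
#   usb_target_ok ACS_v5.8.1.0.32.iso /dev/sdc &&
#       ./iso-to-usb.sh ACS_v5.8.1.0.32.iso /dev/sdc
```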
Running the Setup Program
This section describes the setup process to install the ACS server.
The setup program launches an interactive command-line interface (CLI) that prompts you for the required parameters.
An administrator can use the console or a dumb terminal to configure the initial network settings and provide the initial administrator credentials for the ACS 5.8.1 server using the setup program. The setup process is a one-time configuration task.
To install the ACS server:
1. Power on the appliance.
The setup prompt appears:
Please type ‘setup’ to configure the appliance
2. At the login prompt, enter setup and press Enter.
The console displays a set of parameters. You must enter the parameters as described in Table 1.
Note: You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.
Table 1 Network Configuration Parameters
Prompt | Default | Conditions | Description
Host Name | localhost | First letter must be an ASCII character. Length must be from 3 to 15 characters. Valid characters are alphanumeric (A-Z, a-z, 0-9), hyphen (-), and the first character must be a letter. Note: When you intend to use AD ID store and set up multiple ACS instances with same name prefix, use maximum of 15 characters as the host name so that it does not affect the AD functionality. | Enter the hostname.
IPv4 IP Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter the IP address.
IPv4 Netmask | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid netmask.
IPv4 Gateway | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid default gateway.
Domain Name | None, network specific | Cannot be an IP address. Valid characters are ASCII characters, any numbers, hyphen (-), and period (.). | Enter the domain name.
IPv4 Primary Name Server Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid name server address.
Add/ another nameserver | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. Note: You can configure a maximum of three name servers from ACS CLI. | To configure multiple name servers, enter Y.
NTP Server | time.nist.gov | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255 or a domain name server. Note: You can configure a maximum of three NTP servers from ACS CLI. | Enter a valid domain name server or an IPv4 address.
Timezone | UTC | Must be a valid local time zone. | Enter a valid timezone.
SSH Service | None, network specific | None | To enable SSH services, enter Y.
Username | admin | The name of the first administrative user. You can accept the default or enter a new username. Must be from 3 to 8 characters, and must be alphanumeric (A-Z, a-z, 0-9). | Enter the username.
Admin Password | None | No default password. Enter your password. The password must be at least six characters in length, have at least one lowercase letter, one uppercase letter, and one number. In addition: ■ Save the user and password information for the account that you set up for initial configuration. ■ Remember and protect these credentials because they allow complete administrative control of the ACS hardware, the CLI, and the application. ■ If you lose your administrative credentials, you can reset your password by using the ACS 5.8.1 installation CD. | Enter the password.
The console prompts for the parameters as shown below:
Enter hostname[]: acs-server-1
Enter IP address[]: a.b.c.d
Enter IP default netmask[]: 255.255.255.255
Enter IP default gateway[]: a.b.c.d
Enter default DNS domain[]: mycompany.com
Enter primary nameserver[]: a.b.c.d
Add secondary nameserver? Y/N : n
Add primary NTP server [time.nist.gov]: a.b.c.d
Add secondary NTP server? Y/N : n
Enter system timezone[UTC]:
Enable SSH service Y/N [N] : y
Enter username [admin]: admin
Pinging the primary nameserver...
Do not use `Ctrl-C' from this point on...
Installing applications...
Generating configuration...
After the ACS server is installed, the system reboots automatically.
You can now log in to ACS using the CLI username and password that were configured during the setup process.
Note: You can use this username and password to log in to ACS only via the CLI.
Note: The initial setup of the ACS 5.8.1 server should be configured with an IPv4 address. You can configure the IPv6 address for your server only after the initial setup is completed.
Note: ACS 5.8.1 supports IPv4 and IPv6 dual-stack networking and does not support a pure IPv6 network.
Verifying the Installation Process
To verify that you have correctly completed the installation process:
1. When the system reboots, at the login prompt, enter the username you configured during setup and press Enter.
2. At the password prompt, enter the password you configured during setup and press Enter.
3. Verify that the application has been installed properly by entering the show application command and pressing Enter.
The console displays:
acs Cisco Secure Access Control System 5.8.1
4. At the system prompt, check the release and ACS version that are installed by entering the show application version acs command and pressing Enter.
Cisco ACS VERSION INFORMATION
-----------------------------
Internal Build ID : B.462
Note: The Version and Internal Build ID may change for different versions of this release.
5. At the system prompt, check the status of the ACS processes by entering the show application status acs command and pressing Enter.
The console displays:
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
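To make step 5 a repeatable post-install check, the following added example (not Cisco code) reads a saved copy of the show application status acs output and fails unless every process in the list above is present and reported as running. The function names and the save-to-file workflow are assumptions; the sample text is the output shown above.

```shell
#!/bin/sh
# Added example (not Cisco code): check saved output of
# "show application status acs" against the process list on this page.
EXPECTED_PROCS="database management runtime adclient view-database
view-jobmanager view-alertmanager view-collector view-logprocessor"

# Sample input: the console output reproduced from step 5 above.
sample_status() {
    cat <<'EOF'
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
EOF
}

# Usage: acs_status_ok FILE
# Returns 0 only if every expected process is listed with state "running".
acs_status_ok() {
    status_file=$1
    rc=0
    for proc in $EXPECTED_PROCS; do
        # Strip CRs from a serial/SSH capture, then take the text that
        # follows "Process 'name' " as the state, minus trailing blanks.
        state=$(tr -d '\r' < "$status_file" |
            sed -n "s/^[[:space:]]*Process '$proc' //p" |
            sed 's/[[:space:]]*$//' | head -n 1)
        case $state in
            running) ;;
            "") echo "MISSING: $proc is not listed" >&2; rc=1 ;;
            *)  echo "NOT RUNNING: $proc is '$state'" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Typical use: save the console output to a file, then
#   acs_status_ok acs-status.txt && echo "all ACS processes running"
```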
Resetting the Administrator Password
If you are not able to log in to the system due to the loss of the administrator password, you can use the ACS 5.8.1 recovery DVD to reset the administrator password.
Note: You can also use the bootable USB drive and CIMC to reset the administrator password.
To reset the administrator password:
1. Power up the appliance.
2. Insert the ACS 5.8.1 recovery DVD.
The console displays:
Welcome to Cisco Secure ACS 5.8.1 Recovery
To boot from hard disk press <Enter>
[1] Cisco Secure ACS 5.8.1 Installation (Keyboard/Monitor)
[2] Cisco Secure ACS 5.8.1 Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>.
To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video monitor, or enter 4 if you are using a serial console port.
The console displays a set of parameters.
3. Enter the parameters as described in Table 2.
Table 2 Password Reset Parameters
Parameter | Description
Admin username | Enter the number of the administrator whose password you want to reset.
Password | Enter the new password for the administrator.
Verify password | Enter the password again.
Save change & Reboot | Enter Y to save.
The console displays:
Enter number of admin for password recovery:1
Save change&reeboot? [Y/N]: